cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-05 19:42:16 -04:00
Code Issues Packages Projects Releases Wiki Activity
23,193 Commits 7 Branches 115 Tags
Commit Graph

3391 Commits

Author SHA1 Message Date
Gilles Peskine
10ada35019
Merge pull request #7022 from daverodgman/3DES-warning 
Improve warnings for DES/3DES
 2023-02-03 16:41:34 +01:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3 
Parsing v3 extensions from a CSR - v.2
 2023-02-03 16:41:11 +01:00
Dave Rodgman
fdbfaafc2f Additional warnings in cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 13:44:31 +00:00
Dave Rodgman
23caf02c5b Update warnings in cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 13:17:34 +00:00
Dave Rodgman
c04515b83c Improve warnings for DES/3DES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 10:47:58 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843 
Improve X.509 cert writing serial number management
 2023-01-30 13:08:57 +01:00
Valerio Setti
9b5e1da8f8 fixing a typo in comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-27 11:29:35 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215 
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
 2023-01-27 10:05:00 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-26 17:43:09 +01:00
Przemek Stekiel
cf6ff0fb43 Move common functions for crt/csr parsing to x509.c 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel
21c37288e5 Adapt function names 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel
cbaf3167dd mbedtls_x509_csr_info: Add parsing code for v3 csr extensions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Jens Alfke
2d9e359275 Parsing v3 extensions from a CSR 
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.

Author: Jens Alfke <jens@couchbase.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:56:55 +01:00
Dave Rodgman
fa96026a0e Move definition of asm out of public header 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-20 14:04:48 +00:00
Dave Rodgman
cb0f2c4491 Tidy-up - move asm #define into build_info.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-20 14:04:48 +00:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h 
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-19 12:11:19 +01:00
Pengyu Lv
acecf9c95b make ticket_flags param types consistent 
When ticket_flags used as parameter, use unsigned int,
instead of uint8_t or mbedtls_ssl_tls13_ticket_flags.Also
remove the definition of mbedtls_ssl_tls13_ticket_flags.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 11:23:24 +08:00
Pengyu Lv
ee455c01ce move ticket_flags debug helpers 
The debug helpers printing ticket_flags status are
moved to ssl_tls.c and ssl_debug_helpers.h.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:06:01 +08:00
Pengyu Lv
189465306d remove MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE error 
Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags
are not compatible with advertised key exchange mode.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:06:00 +08:00
Pengyu Lv
a1aa31b8b1 fix review comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:58 +08:00
Pengyu Lv
3eb49be6a8 move kex mode check in ticket_flags to psks_check_identity_match_ticket 
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:55 +08:00
Pengyu Lv
5b8dcd2097 Add debug helper to print ticket_flags status 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:52 +08:00
Valerio Setti
746def5ade x509: renaming of buffer variables in new serial setting function 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti
acf12fb744 x509: fix endianness and input data format for x509write_crt_set_serial_new 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23 fix: add missing deprecation guards 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb x509: remove direct dependency from BIGNUM_C 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Gilles Peskine
449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830 
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
 2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard
3368724ade
Merge pull request #6870 from valeriosetti/issue6831 
Document/test dependencies on ECP & Bignum
 2023-01-10 09:25:41 +01:00
Gilles Peskine
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype 
TLS 1.3: Upstream misc fix from prototype
 2023-01-05 14:35:54 +01:00
Valerio Setti
8e45cdd440 fix wrong dependency for X509_TRUSTED_CERTIFICATE_CALLBACK 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-05 09:33:38 +01:00
Valerio Setti
8841d6b2f6 add missing dependency documentation for SSL_ASYNC_PRIVATE 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-05 08:40:24 +01:00
Valerio Setti
a4bb0fabea check_config: add missing dependencies for the build without BIGNUM 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-03 16:20:43 +01:00
Valerio Setti
18c9fed857 tls: remove dependency from mbedtls_ecp_curve functions 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-03 13:03:34 +01:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702 
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
 2023-01-03 09:36:58 +01:00
Valerio Setti
e269750f0d sha: fix description for starts functions 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-23 14:29:54 +01:00
Valerio Setti
d55cb5b3f0 sha: decline MD defines for various SHA 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-22 14:26:55 +01:00
Valerio Setti
d10e0a6341 sha: fix minor issues/typos 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-22 14:25:26 +01:00
Manuel Pégourié-Gonnard
a6e0291c51 Update documentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-21 09:59:33 +01:00
Valerio Setti
e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-16 14:43:48 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa 
Document ECP_RESTARTABLE and make it compatible with USE_PSA
 2022-12-15 19:47:44 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3 
Merge back 3.3.0 3
 2022-12-14 19:18:05 +00:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599 
Allow isolation of EC J-PAKE password when used in TLS
 2022-12-14 11:04:33 +01:00
Valerio Setti
a3f99591f6 sha: make SHA-224 independent from SHA-256 
Using proper configuration options (i.e. MBEDTLS_SHA224_C and
MBEDTLS_SHA256_C) it is now possible to build SHA224 and SHA256
independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-14 10:56:54 +01:00
Valerio Setti
43363f5962 sha: make SHA-384 independent from SHA-512 
Using proper configuration options (i.e. MBEDTLS_SHA384_C and
MBEDTLS_SHA512_C) it is now possible to build SHA384 and SHA512
independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-14 08:53:23 +01:00
Manuel Pégourié-Gonnard
2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo 
check_names: extend typo check to PSA macro/enum names
 2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard
b2812cc274 Clarify documentation of ECP_RESTARTABLE 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard
ad45c4d386 Document that ECP_RESTARTABLE depends on ECP_C 
This is not new, it had always been the case, just not documented.

Pointed out by depends.py pkalgs (again, now that restartable is part of
full).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
578664601e Fix missing dependency declaration in test 
muladd() (restartable or not) is only available when at least one short
weirstrass curve is enabled.

Found by depends.py curves (now that restartable is part of full).

Also, document that restartable only work for short weierstrass curves
(actually unrelated, but this made me think of that).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
55a188b420 Clarify the "restart vs use PSA" situation in TLS 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-09 10:09:33 +01:00